- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Fri, 21 Mar 2014 08:59:45 +0100
- To: "Julian Reschke" <julian.reschke@gmx.de>
- Cc: "Mark Nottingham" <mnot@mnot.net>, "HTTP Working Group" <ietf-http-wg@w3.org>, "Gabriel Montenegro" <gabriel.montenegro@microsoft.com>
Le Ven 21 mars 2014 08:19, Julian Reschke a écrit :
> On 2014-03-21 05:36, Mark Nottingham wrote:
>> One of the things we didn't get time to talk about in London was
>> Gabriel's spec:
>> http://tools.ietf.org/html/draft-montenegro-httpbis-uri-encoding-00
>>
>> In a nutshell, this offers a way for a client to declare what character
>> encoding was used prior to percent-encoding.
>>
>> I've heard hallway feedback about it that wonders if we just want to
>> allow one value ("UTF-8"). Beyond that, folks seem generally
>> neutral-to-positive about it, AFAICT.
>>
>> What do people think about adopting this as a WG item, keeping in mind
>> that we can change it in process if there's some particular aspect you
>> don't like?
>>
>> Cheers,
>>
>> P.S. Just to be clear, this would be completely separate from the HTTP/2
>> work item.
>
> My concerns are the same as when this was presented first: how does this
> help?
>
> I hear that it makes security checks more reliable, but then, you can't
> rely on the header field being accurate
There is a difference between working in heuristics mode all the time with
crossed fingers and rabbit legs and working in deterministic mode with
simple error handling (and error handling can be abort when what the other
node declares and what you receive are different – much more secure than
generalized guesswork)
--
Nicolas Mailhot
Received on Friday, 21 March 2014 08:00:32 UTC